There are no patches for zero-days this month, and the company patched two security bugs about which exploitation details had become public (CVE-2018-0808 and CVE-2018-0940). However, the company did not detect any threat actor trying to exploit any of these flaws before releasing today’s patches.

A few Internet Explorer, Edge, and ChakraCore vulnerabilities did receive a “critical” rating and users should make sure they apply the proper patches.

All in all, this month’s security patches are rather tame compared to last year’s March Patch Tuesday that included fixes for vulnerabilities that the Shadow Brokers would eventually release a month later, in April 2017, such as EternalBlue, EternalSynergy, DoublePulsar, and many others.

Adobe Publishes Security Fixes

But besides Microsoft, Adobe has also released its monthly security advisories, as well. This month, the company fixed two critical remote code execution flaws in Flash Player (CVE-2018-4919 and CVE-2018-4920).

These flaws were discovered by Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program. After today’s patches, the most recent Flash Player version should be v29.0.0.113.

A table listing of all the security issues Microsoft fixed this month is provided here. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you’re not interested in all security updates and you’d like to filter updates per product, you can use Microsoft’s official Security Update Guide portal, accessible here.